Executive Summary

Summary
Title SysLINK M2M Modular Gateway contains multiple vulnerabilities
Informations
Name VU#822980 First vendor Publication 2016-04-22
Vendor VU-CERT Last vendor Modification 2016-04-22
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#822980

SysLINK M2M Modular Gateway contains multiple vulnerabilities

Original Release date: 22 Apr 2016 | Last revised: 22 Apr 2016

Overview

The SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway contains multiple vulnerabilities.

Description

According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities:

CWE-259: Use of Hard-coded Password - CVE-2016-2331

By default, the device's web interface uses a default password across all devices and does not prompt the administrator to change that password.

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2016-2332

The device's web interface runs as the root user and is vulnerable to command injection via an authenticated POST request to flu.cgi. The parameter "5066" (dnsmasq) is vulnerable to injection. Commands are constructed and run as the root user.

CWE-321: Use of Hard-coded Cryptographic Key - CVE-2016-2333

The device uses an encryption key that is hard-coded and believed to be static across the entire device population.

The CERT/CC has been unable to confirm these vulnerabilities with the vendor. It is also unclear if models other than the SL-1000 are affected.

Impact

An unauthenticated remote attacker with knowledge of the password may obtain root access to the device.

Solution

Apply an update

According to the reporter, affected users should update to firmware version 01A.8 which addresses these issues. CERT/CC has reached out to Systech to confirm this information.

Additionally, affected users may consider the following workarounds and mitigations:

Restrict Network Access

As a general good security practice, only allow connections from trusted hosts and networks. Consult your firewall product's manual for more information.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
SystechAffected17 Apr 201622 Apr 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal9.5E:F/RL:U/RC:C
Environmental7.1CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • None

Credit

Thanks to Roman Faynberg and Jeremy Allen of Carve Systems for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2016-2331CVE-2016-2332CVE-2016-2333
  • Date Public:22 Apr 2016
  • Date First Published:22 Apr 2016
  • Date Last Updated:22 Apr 2016
  • Document Revision:28

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/822980

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-310 Cryptographic Issues
33 % CWE-255 Credentials Management
33 % CWE-77 Improper Sanitization of Special Elements used in a Command ('Command Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-05-05 00:35:24
  • Multiple Updates
2016-04-26 00:30:24
  • Multiple Updates
2016-04-22 21:24:38
  • First insertion